The group aims to translate the complex nature of Cyber Security into an easily comprehensible way to understand, monitor and control the risks of employing current and future technologies. With a strong commitment to co-designed solutions with the potential end-users, we research new ways on how to expose and present the raised implications on privacy, risk, security and safety.
Information Science Institute
Research institute ISI
The Information Science Institute has established strong collaborations with multidisciplinary research teams from different faculties (Medicine, Psychology, Science, Society Sciences) and has an extensive national and international network that includes many academic institutions, public administrations, creativity and innovation consultants, think tanks and services providers. ISI is located at the Intrafaculty Computer Science Centre CUI (Batelle campus).
Geneva School of Economics and Management
Business School of the University of Geneva GSEM
The Geneva School of Economics and Management is committed to a broad-based, multidisciplinary approach to the sciences of economics and management. The GSEM will ensure that the University of Geneva receives the recognition it deserves in this domain.
University of Geneva
Founded in 1559 by Jean Calvin, the University of Geneva (UNIGE) is dedicated to thinking, teaching, dialogue and research. With 16’500 students of more than 150 different nationalities, it is Switzerland’s second largest university.
Team
Niels A. Nijdam
MER, Lab director
Anastasija Collen
Senior researcher, Lab co-director
Maher Ben Moussa
Senior researcher, ISI project manager
Benedetto M. Serinelli
PhD candidate
Meriem Benyahya
PhD candidate
Teri Lenard
PhD candidate
Akram Mohammed
Postdoctoral Researcher
Projects
GHOST
H2020 Project (May 2017-Apr 2020)
GHOST envisions a transparent cybersecurity environment by developing a user-friendly application to improve security and privacy in a Digital Home connected to Internet of Things (IoT), using the most advanced technologies available for this purpose.
AVENUE
H2020 Project (May 2018-Apr 2022)
AVENUE aims to design and carry out full scale demonstrations of urban transport automation by deploying, for the first time worldwide, fleets of autonomous mini-buses.
nIoVe
H2020 Project (May 2019-Apr 2022)
nIoVe aims to deploy a novel multi-layered interoperable cybersecurity solution for the IoV to share cyber threat intelligence, synchronise and coordinate cybersecurity strategies, response and recovery activities.
SHOW
H2020 Project (Jan 2018-Dec 2022)
SHOW aims to estimate and evaluate the role of autonomous vehicles (AVs) in making urban transport more effective, sustainable and user friendly.
Publications
GHOST-Safe-Guarding Home IoT Environments with Personalised Real-time Risk Control
2018
Using Blockchains to Strengthen the Security of Internet of Things
2018
Towards Reliable Integrity in Blacklisting: Facing Malicious IPs in GHOST Smart Contracts
2018
Implementing a Forms of Consent Smart Contract on an IoT-based Blockchain to promote user trust
2018
A Study on Security and Privacy Guidelines, Countermeasures, Threats: IoT Data at Rest Perspective
2019
Towards Automated Threat-based Risk Assessment for Cyber Security in Smarthomes
2019
From Internet of Threats to Internet of Things: A Cyber Security Architecture for Smart Homes
2019
Training Guidance with KDD Cup 1999 and NSL-KDD Data Sets of ANIDINR: Anomaly-Based Network Intrusion Detection System
2020
A Blockchain Solution for Enhancing Cybersecurity Defence of IoT
2020
On the analysis of open source datasets: validating IDS implementation for well-known and zero day attack detection
2021
Can I Sleep Safely in My Smarthome? A Novel Framework on Automating Dynamic Risk Assessment in IoT Environments
2022
The Interface of Privacy and Data Security in Automated City Shuttles: The GDPR Analysis
2022
GHOST-Safe-Guarding Home IoT Environments with Personalised Real-time Risk Control
Collen, A., Nijdam, N.A., Augusto-Gonzalez, J., Katsikas, S.K., Giannoutakis, K.M., Spathoulas, G., Gelenbe, E., Votis, K., Tzovaras, D., Ghavami, N., Volkamer, M., Haller, P., Sánchez, A. and Dimas, M.
Abstract: We present the European research project GHOST, (Safe-guarding home IoT environments with personalised real-time risk control), which challenges the traditional cyber security solutions for the IoT by proposing a novel reference architecture that is embedded in an adequately adapted smart home network gateway, and designed to be vendor-independent. GHOST proposes to lead a paradigm shift in consumer cyber security by coupling usable security with transparency and behavioural engineering.
Using Blockchains to Strengthen the Security of Internet of Things
Kouzinopoulos, C.S., Spathoulas, G., Giannoutakis, K.M., Votis, K., Pandey, P., Tzovaras, D., Katsikas, S.K., Collen, A. and Nijdam, N.A.
Abstract: Blockchain is a distributed ledger technology that became popular as the foundational block of the Bitcoin cryptocurrency. Over the past few years it has seen a rapid growth, both in terms of research and commercial usage. Due to its decentralized nature and its inherent use of cryptography, Blockchain provides an elegant solution to the Byzantine Generals Problem and is thus a good candidate for use in areas that require a decentralized consensus among untrusted peers, eliminating the need for a central authority. Internet of Things is a technology paradigm where a multitude of small devices, including sensors, actuators and RFID tags, are interconnected via a common communications medium to enable a whole new range of tasks and applications. However, existing IoT installations are often vulnerable and prone to security and privacy concerns. This paper studies the use of Blockchain to strengthen the security of IoT networks through a resilient, decentralized mechanism for the connected home that enhances the network self-defense by safeguarding critical security-related data. This mechanism is developed as part of the Safe-Guarding Home IoT Environments with Personalised Real-time Risk Control (GHOST) project.
Towards Reliable Integrity in Blacklisting: Facing Malicious IPs in GHOST Smart Contracts
Spathoulas, G., Collen, A., Pandey, P., Nijdam, N.A., Katsikas, S., Kouzinopoulos, C.S., Moussa, M.B., Giannoutakis, K.M., Votis, K. and Tzovaras, D.
Abstract: Blockchain is a distributed ledger technology that became popular as the foundational block of the Bitcoin cryptocurrency. Over the past few years it has seen a rapid growth, both in terms of research and commercial usage. Due to its decentralized nature and its inherent use of cryptography, Blockchain provides an elegant solution to the Byzantine Generals Problem and is thus a good candidate for use in areas that require a decentralized consensus among untrusted peers, eliminating the need for a central authority. Internet of Things is a technology paradigm where a multitude of small devices, including sensors, actuators and RFID tags, are interconnected via a common communications medium to enable a whole new range of tasks and applications. However, existing IoT installations are often vulnerable and prone to security and privacy concerns. This paper studies the use of Blockchain to strengthen the security of IoT networks through a resilient, decentralized mechanism for the connected home that enhances the network self-defense by safeguarding critical security-related data. This mechanism is developed as part of the Safe-Guarding Home IoT Environments with Personalised Real-time Risk Control (GHOST) project.
Implementing a Forms of Consent Smart Contract on an IoT-based Blockchain to promote user trust
Kouzinopoulos, C.S., Giannoutakis, K.M., Votis, K., Tzovaras, D., Collen, A., Nijdam, N.A., Konstantas, D., Spathoulas, G., Pandey, P. and Katsikas, S.
Abstract: The H2020 European research project Safe-Guarding Home IoT Environments with Personalised Real-time Risk Control (GHOST) aims to develop a cyber-security layer on IoT smart home installations. The proposed system analyses packet-level data flows for building patterns of communications between IoT devices and external entities. To ensure non-repudiation, integrity and authentication of the data captured, they are stored in a Blockchain, a distributed ledger network, as digitally-signed transactions. Since the data can potentially include sensitive user information, it is imperative to promote trust by informing users about the operating principles of the network as well as to request the acceptance of a consent form by them. This paper presents the design and implementation of a Forms of Consent application, a Distributed Application that interacts with a set of Smart Contracts deployed on a private Ethereum network. The application is being developed as part of the GHOST project.
A Study on Security and Privacy Guidelines, Countermeasures, Threats: IoT Data at Rest Perspective
Abdulghani, H.A., Nijdam, N.A., Collen, A. and Konstantas, D.
Abstract: Internet of Things (IoT) makes our lives much easier, more valuable, and less stressful due to the development of so many applications around us like smart city, smart car, and smart grid that offer endless services and solutions. Protecting IoT data at rest either on the objects or in the cloud of such applications is an indispensable requirement for achieving a symmetry in the handling and protection of IoT, as we do with data created by persons and applications. This is because unauthorised access to such data may lead to harmful consequences such as linkage attacks, loss of privacy, and data manipulation. Such undesired implications may jeopardise the existence of IoT applications, if protection measures are not taken, and they stem from two main factors. One is IoT objects have limited capabilities in terms of memory capacity, battery life, and computational power that hamper the direct implementation of conventional Internet security solutions without some modifications like traditional symmetric algorithms. Another factor is the absence of widely-accepted IoT security and privacy guidelines for IoT data at rest and their appropriate countermeasures, which would help IoT stakeholders like developers and manufacturers to develop secure IoT systems and, therefore, enhance IoT security and privacy by design. To this end, we first briefly describe the main IoT security goals and identify IoT stakeholders. Moreover, we briefly discuss the most well-known data protection frameworks such as GDPR and HIPAA. Second, we highlight potential attacks and threats against data at rest and show their violated security goals (e.g., confidentiality and integrity). Third, we review a list of protection measures by which our proposed guidelines can be accomplished. 
Fourth, we propose a framework of security and privacy guidelines for IoT data at rest that can be utilised to enhance IoT security and privacy by design and establish a symmetry with the protection of user created data. Our framework also presents the link between the suggested guidelines, mitigation techniques, and attacks. Moreover, we state those IoT stakeholders like manufacturers and developers who will benefit most of these guidelines. Finally, we suggest several open issues required further investigation in the future, and we also discuss the limitations of our suggested framework.
Towards Automated Threat-based Risk Assessment for Cyber Security in Smarthomes
Pandey, P., Collen, A., Nijdam, N., Anagnostopoulos, M., Katsikas, S. and Konstantas, D.
Abstract: Cyber security is a concern of each citizen, especially when it comes to novel technologies surrounding us in our daily lives. Fighting a cyber battle while enjoying your cup of coffee and observing gentle lights dimming when you move from the kitchen to the sitting room to review your today’s running training, is no longer science fiction. A multitude of the cyber security solutions are currently under development to satisfy the increasing demand on threats and vulnerabilities identification and private data leakage detection tools. Within this domain, ubiquitous decision making to facilitate the life of the regular end-users is a key feature here. In this paper we present a Risk Assessment Model (RAM), originating from Negative to Positive approach, to automate the threat-based Risk Assessment (RA) process, tailored specifically to the smart home environments. The calculation model application is demonstrated on derived threat-triggered evaluation scenarios, which were established from analysing the historical evidence of data communication within the smarthome context. The main features of the proposed RAM are identification of the existing risks, estimation of the consequences on possible positive and negative actions and embedding of the mitigation strategies. The application of this modelling approach for automation of RA would lead to a deep understanding on the extent to which decision making could be automated while tracking and controlling the cyber risks within the end-user’s accepted risk level. Through the proposed RAM, common factors and variables are extracted and integrated into a quantified risk model before being embedded in the automated decision making process. This research falls within the GHOST (Safe-Guarding Home IoT Environments with Personalised Real-time Risk Control) project, aiming to provide a cyber security solution targeted at the regular citizens.
From Internet of Threats to Internet of Things: A Cyber Security Architecture for Smart Homes
Augusto-Gonzalez, J., Collen, A., Evangelatos, S., Anagnostopoulos, M., Spathoulas, G., Giannoutakis, K.M., Votis, K., Tzovaras, D., Genge, B., Gelenbe, E. and Nijdam, N.
Abstract: The H2020 European research project GHOST – Safe-Guarding Home IoT Environments with Personalised Real-time Risk Control – aims to deploy a highly effective security framework for IoT smart home residents through a novel reference architecture for user-centric cyber security in smart homes providing an unobtrusive and user-comprehensible solution. The aforementioned security framework leads to a transparent cyber security environment by increasing the effectiveness of the existing cyber security services and enhancing system’s self-defence through disruptive software-enabled network security solutions. In this paper, GHOST security framework for IoT-based smart homes is presented. It is aiming to address the security challenges posed by several types of attacks, such as network, device and software. The effective design of the overall multilayered architecture is analysed, with particular emphasis given to the integration aspects through dynamic and reconfigurable solutions and the features provided by each one of the architectural layers. Additionally, real-life trials and the associated use cases are described showcasing the competences and potential of the proposed framework.
Training Guidance with KDD Cup 1999 and NSL-KDD Data Sets of ANIDINR: Anomaly-Based Network Intrusion Detection System
Serinelli, B.M., Collen, A. and Nijdam, N.A.
Abstract: In today’s world, the protection of the computer networks remains one of the most crucial and difficult challenges in cyber security. In this work, a passive defence system ANIDINR is presented, aiming to monitor and protect computer networks. Our effort is focused on providing step-by-step guidance on methodologies selection and execution for the Machine and Deep Learning models’ training. Taking as an input two data sets, five MDL models are evaluated. Our goals are to minimise the percentage of Undetected Attack, the percentage of False Alarm Rate and the overall testing time. Based on this set-up, the proposed system is capable to predict in near-to-real time well-known and zero-day computer network attacks.
A Blockchain Solution for Enhancing Cybersecurity Defence of IoT
Giannoutakis, K.M., Spathoulas, G., Filelis-Papadopoulos, C.K., Collen, A., Anagnostopoulos, M., Votis, K., Nijdam, N.A.
Abstract: The growth of IoT devices during the last decade has led the development of smart ecosystems, such as smart homes, prone to cyberattacks. Traditional security methodologies support to some extent the requirement for preserving privacy and security of such deployments, but their centralized nature in conjunction with low computational capabilities of smart home gateways make such approaches not efficient. Last achievements on blockchain technologies allowed the use of such decentralized architectures to support cybersecurity defence mechanisms. In this work, a blockchain framework is presented to support the cybersecurity mechanisms of smart homes installations, focusing on the immutability of users and devices that constitute such environments. The proposed methodology provides also the appropriate smart contracts support for ensuring the integrity of the smart home gateway and IoT devices, as well as the dynamic and immutable management of blocked malicious IPs. The framework has been deployed on a real smart home environment demonstrating its applicability and efficiency.
On the analysis of open source datasets: validating IDS implementation for well-known and zero day attack detection
Serinelli, B.M., Collen, A., & Nijdam, N.A.
Abstract: This paper presents the implementation of an anomaly-based Intrusion Detection System (IDS), capable to detect well-known and zero-day attacks. First, we extend our previous work by generating the Machine Learning (ML) predictors based on KDD99, NSL-KDD and CIC-IDS2018 datasets, and providing the programming language evaluation and the final validation platform. We have built IDS detection solution in two phases. The first Training phase explores available datasets to generate the predictors. The second phase is composed of two processes. Extraction generates the statistical network traffic metrics from the PCAP files and processes them into comma separated values (CSV) files. The Prediction loads predictors in main memory and feeds them with CSV files to predict the well-known and zero-day attacks. The aforementioned initial datasets contain the statistical network traffic metrics of the well-known attacks, collected at runtime execution of the malicious software. Zero day attacks can generate a statistical network traffic metrics similar to well-known attacks. Therefore, to showcase the zero-day anomaly detection, we realise a validation platform. Six attacks (three Denial of Service (DoS) and three scanning), not recorded in the initial datasets, are executed in an isolated environment. The achieved result indicates a misclassification prediction error that inhibits the application of the automatic attack responses, although the misclassification errors were minimised, during the Training phase.
Can I Sleep Safely in My Smarthome? A Novel Framework on Automating Dynamic Risk Assessment in IoT Environments
Collen, A., & Nijdam, N.A.
Abstract: Fully automated homes, equipped with the latest Internet of Things (IoT) devices, aiming to drastically improve the quality of lives of those inhabiting such homes, is it not a perfect setting for cyber threats? More than that, this is a fear of many regular citizens and a trending topic for researchers to apply Cyber Threat Intelligence (CTI) for seamless cyber security. This paper focuses on the Risk Assessment (RA) methodology for smarthome environments, targeting to include all types of IoT devices. Unfortunately, existing approaches mostly focus on the manual or periodic formal RA, or individual device-specific cyber security solutions. This paper presents a Dynamic Risk Assessment Framework (DRAF), aiming to automate the identification of ongoing attacks and the evaluation of the likelihood of associated risks. Moreover, DRAF dynamically proposes mitigation strategies when full automation of the decision making is not possible. The theoretical model of DRAF was implemented and tested in smarthome testbeds deployed in several European countries. The resulting data indicate strong promises for the automation of decision making to control the tightly coupled balance between cyber security and privacy compromise in terms of the embedded services’ usability, end-users’ expectations and their level of cyber concerns.
The Interface of Privacy and Data Security in Automated City Shuttles: The GDPR Analysis
Benyahya, M., Kechagia, S., Collen, A., & Nijdam, N.A.
Abstract: The fast evolution and prevalence of driverless technologies has facilitated the testing and deployment of automated city shuttles (ACSs) as a means of public transportation in smart cities. For their efficient functioning, ACSs require a real-time data compilation and exchange of information with their internal components and external environment. However, that nexus of data exchange comes with privacy concerns and data protection challenges. In particular, the technical realization of stringent data protection laws on data collection and processing are key issues to be tackled within the ACSs ecosystem. Our work provides an in-depth analysis of the GDPR requirements that should be considered by the ACSs’ stakeholders during the collection, storage, use, and transmission of data to and from the vehicles. First, an analysis is performed on the data processing principles, the rights of data subjects, and the subsequent obligations for the data controllers where we highlight the mixed roles that can be assigned to the ACSs stakeholders. Secondly, the compatibility of privacy laws with security technologies focusing on the gap between the legal definitions and the technological implementation of privacy-preserving techniques are discussed. In face of the GDPR pitfalls, our work recommends a further strengthening of the data protection law. The interdisciplinary approach will ensure that the overlapping stakeholder roles and the blurring implementation of data privacy-preserving techniques within the ACSs landscape are efficiently addressed.
Automated city shuttle: Let’s have a ride in Europe streets!
Would you like to take a ride in an Automated City Shuttle (ACS)? If yes, which of the 118 demonstration sites in Europe would you choose?
Today, with multiple European initiatives under way, ACS projects have been in test or pilot phase in 17 countries, with France, Germany and Norway classified as the leading countries in terms of number of pilots [1]. Switzerland is the most advanced country regarding the integration of such mini-buses into public transportation systems [2].
Those European cities have been acquiring ACSs to enhance citizens’ quality of life by offering shared mobility services with higher efficiency and reliability at the lowest cost [3]. Their key motivation is to offer innovative public transportation through customised services, such as on-demand and door-to-door services, with better accessibility for elderly users, children and disabled users [4]. However, such a new transportation paradigm needs to be approved by local authorities, adapted to real-life traffic conditions, tolerated by other road users and accepted by its eventual passengers. As a matter of fact, many pilots have popped up around Europe, drawing the interest of university researchers, public transportation operators and private companies who want to assess the advantages and limitations of such smart mini-buses.
An overview of the key European projects provides valuable insight into the integration of such mini-buses into the public transportation system. Table 1 lists the major funded projects revisiting the public transportation services offered through ACSs. The motivation of these projects varies from studying the passenger experience to studying road user interactions, as in the Autobus [5] and Digibus Austria [6] projects. They also aim to assess the social, economic, environmental and legal impact of ACSs, as in AVENUE [7] and SPACE [8]. Others, like CityMobil2 [9], focused on long-term impacts in addition to the safety and legal certification of ACSs.
Regardless of project stage and accomplishments, the pilots aim to blend the traditional public transport system with novel urban mobility. The listed projects have been demonstrating shuttles with level 3 and 4 of automation according to the Society of Automotive Engineering (SAE) classification [10]. In other words, they have been testing mini-buses operating in a highly automated self-driving mode with an operator present. Additionally, EasyMile EZ10 [11] and Navya Arma [12] (also called “Autonom Shuttle Evo”) are widely used in European pilots, as illustrated in Table 1. The first automated mini-bus tested in Europe was the ParkShuttle in the Netherlands, which has since been upgraded to a third-generation model [13]. Further products, such as Olli [14] and Robosoft Robucity [15], have been tested on a smaller scale.
According to the listed projects’ findings and publications, final ACS deployment would depend on an increase in vehicle speed and on more testing in realistic traffic conditions. Being limited to a speed of 25 km/h, the shuttle can be slower than cyclists, which may impact adaptation to this transportation mode [1]. In addition, abrupt braking of the vehicle should be reduced, as it is another hindrance that influences the travel experience and hence the full integration of ACSs into public transport systems. Moreover, some sites have been operating under optimal conditions, testing the vehicle either in rural areas or in low to medium demand areas, which does not reflect the vehicle’s behaviour in high-traffic circumstances [16]. Furthermore, city readiness and transportation systems need to keep pace with the fast-approaching deployment of ACSs. The functioning of the mini-buses would depend on smart infrastructure equipment supporting secure communication between the vehicle, its external environment and the different public transport interfaces [17].
To mitigate the vehicle limitations and the project risks, it is worth noting that the ACS pilots have strong support from coordination projects that aim to upgrade the whole automated driving ecosystem. Aligning Research and Innovation for Connected and Automated Driving in Europe (ARCADE) [18] is a coordination project supporting the different automated driving stakeholders through common research and a lessons-learned approach on regulations, standards, gap analysis and recommendations. Within Shared Personalised Automated Connected vEhicles (SPACE), a unique high-level reference architecture has been built to integrate ACSs into the public transport network. In addition, Spatial and Transport Impacts of Automated Driving (STAD) [19] is a joint research project studying the long-term impacts of more advanced levels of automated driving, in order to support more accurate planning and transportation investments.
Table 1: Major Automated City Shuttles Projects in Europe
Projects | Pilots | Funded By | Duration | Status | Vehicle
Autobus [5] | Three locations in Oslo: Forus, Kongsberg, Akershusstranda | | | |
 | Vantaa (Finland), Sophia Antipolis (France), La Rochelle (France), Trikala (Greece), Oristano (Italy), San Sebastian (Spain), Stockholm (Sweden), Lausanne (Switzerland) | Horizon2020 | 2012–2016 | Ended | EasyMile EZ10, Robosoft Robucity
Digibus Austria [6] | Koppl, Wiener Neustadt, Teesdorf, Salzburg | Future Mobility | 2018–2021 | Ended | Navya Arma, EasyMile EZ10
FABULOS [17] | Gjesdal (Norway), Helsinki (Finland), Tallinn (Estonia), Lamia (Greece), Helmond (Netherlands) | Horizon2020 | 2018–2021 | Ended | Navya Arma
SOHJOA [20] | Kongsberg (Norway), Helsinki (Finland), Tampere (Finland), Espoo (Finland), Tallinn (Estonia) | Interreg | 2016–2018 | Ended | Navya Arma, EasyMile EZ10
With the growth of Artificial Intelligence technologies, the deployment of 5G, strong collaborations, and the feedback from pilot sites, ACSs are approaching the readiness needed to shift urban mobility toward a smart transportation system.
Abbreviations
ACS Automated City Shuttle
ARCADE Aligning Research and Innovation for Connected and Automated Driving in Europe
SAE Society of Automotive Engineering
SPACE Shared Personalised Automated Connected vEhicles
STAD Spatial and Transport Impacts of Automated Driving
References
J. Ainsalu, V. Arffman, M. Bellone, M. Ellner, T. Haapamäki, N. Haavisto, E. Josefson, A. Ismailogullari, B. Lee, O. Madland, R. Madžulis, J. Müür, S. Mäkinen, V. Nousiainen, E. Pilli-Sihvola, E. Rutanen, S. Sahala, B. Schønfeldt, P. M. Smolnicki, R. M. Soe, J. Sääski, M. Szymańska, I. Vaskinn, and M. Åman, “State of the art of automated buses,” Sustainability (Switzerland), vol. 10, no. 9, 2018, issn: 20711050. doi: 10.3390/su10093118.
[3] C. Iclodean, N. Cordos, and B. O. Varga, “Autonomous shuttle bus for public transportation: A review,” Energies, vol. 13, no. 11, 2020, issn: 19961073. doi: 10.3390/en13112917.
[4] J. Meyer, H. Becker, P. M. Bösch, and K. W. Axhausen, “Autonomous vehicles: The next jump in accessibilities?” Research in Transportation Economics, vol. 62, pp. 80–91, 2017, issn: 07398859. doi: 10.1016/j.retrec.2017.03.005.
[5] Norwegian Center for Transport research, Research project: Autobus - Transportøkonomisk institutt. [Online]. Available: https://www.toi.no/autobus/.
K. Mouratidis and V. Cobeña Serrano, “Autonomous buses: Intentions to use, passenger experiences, and suggestions for improvement,” Transportation Research Part F: Traffic Psychology and Behaviour, vol. 76, pp. 321–335, 2021, issn: 13698478. doi: 10.1016/j.trf.2020.12.007. [Online]. Available: https://doi.org/10.1016/j.trf.2020.12.007.
Who are the actors in a typical cybersecurity scenario?
Cybersecurity plays a crucial role in today's hyper-connected world. Cybersecurity scenarios involve actors with different levels of knowledge who interact with complex Information Technology (IT) systems. Use case scenarios are a common practice for analysing requirements and developing complex software products. In addition, these scenarios can include a cybersecurity view during the requirement analysis, to tune and meet the software product requirements. However, threat scenarios, that is, cybersecurity scenarios, can adopt other models, such as STRIDE, DREAD and so on. Nowadays, modern operators and developers cannot adopt the threat models. In fact, a large number of developers, operators and software managers skip threat modelling, due to limited knowledge of it and a reduced budget for software deployment.
The low-skilled developer, operator and software could introduce the threat model during the use case scenarios. However, who are the actors in a typical cybersecurity scenario? The actors involved in a typical use case scenario could be:
the final user, with no IT knowledge;
the administrator, with a basic knowledge and limited knowledge on the software;
the developer, with a limited knowledge on the software;
the operator, with a limited knowledge on the software;
the software delivery.
The final user can have no IT knowledge, or limited or full knowledge of the software. For enterprise software tools, the final user is unknown at the time of purchase. An example is a highly skilled IT person or hacker who buys or installs a smartphone application and can appreciate the graphical user interface, the data consumption and the software logic. The final user interacts intensively with the final software product, finding bugs or asking for improvements.
The administrator is an intermediate actor who interacts with limited, non-purchase views of the software product. For example, the administrator can modify the users' information, analyse the data collected by the software and moderate user actions. An example is an online blog, where different users have different privileges, views and actions to update, modify and delete blog entities and blog users.
The developer and the operator may not know all the information about the software. The developer may know only limited information about the software product, rather than the entire product, because only a small portion of the software product tasks is assigned to them. The operator may also know the properties of the final software product, such as the target machine, dependencies, setup and host configuration. Moreover, these actors can have limited background knowledge about the domain. Today, it is very simple to find and study online a subset of software libraries, programming languages and machine properties. Thus, the developer and the operator can learn and adapt their knowledge to a limited subset of software components. An example is a Drupal [https://www.drupal.org/], Joomla [https://www.joomla.org/] or WordPress web developer, who learns and acquires knowledge only about a limited software product. Furthermore, a Drupal, Joomla or WordPress web developer can buy custom templates and plug-ins without knowing the software product process, and use them to embellish their own web site in order to sell it.
The software delivery is the only person who has to know the whole software product: the
economic benefits for the buyer, the limitations, security issues, bug tracking, versions
and change logs. The software delivery also knows the development and deployment
time.
How do the actors interact with the software product from a cybersecurity point of view? It is a
hard question. First of all, the software product use case must define the interaction actions and
the sensitive information exchanged during its use. In general, the software product has to
be resilient against incorrect input from the final user and has to avoid exposing sensitive
information. The final user can be a low-skilled user who cannot follow the software's
on-screen guide to fill out the software product forms. In addition, the product has to be intuitive,
easy to use and accessible. Conversely, if the software product cannot hide its sensitive
information, it exposes an attack surface that a highly skilled final user can exploit to
compromise it. The administrator could find bugs and may or may not be highly skilled. In
addition, the administrator has to learn the features of the software product in order to interact
with it. In conclusion, the software delivery has to take into consideration the users' and
administrators' feedback and the actions to mitigate the risks, informing the developers and
operators about the common vulnerabilities. The final user, and also the administrator, has
to have a minimum background, and Government should move forward to teach or
prepare the population about software risks. In fact, phishing is one of the
most common attacks, and it can be minimised if the final user is educated to avoid
clicking on malicious and suspicious emails, which is not the case for a low-skilled user and/or
administrator. Meanwhile, the developers and operators have to know
the common vulnerabilities, for example incorrect and insecure object serialization,
library bugs, Operating System (OS) vulnerabilities, insecure protocols, framework
security vulnerabilities and so on. Thus, the developers and operators should keep
up to date with news about the libraries, OS and frameworks they use, meaning they have to
learn the new risks. Finally, the software delivery has to be up to date and learn the
news about the involved IT technologies, tools, programming languages and so on, in order to
introduce new approaches during the development and deployment stages of the software
product.
Thus, the key to good cybersecurity is not only in the software product stages.
Cybersecurity is also the process of learning, teaching and keeping up to date on new risks, vulnerabilities
and attack methodologies. It requires time and can be expensive. The benefit of aware
actors is that the safety of the software product increases. An example is a bank that gives
its customers daily tips about the cybersecurity of their own bank account.
Or, a Government blog or Social Media posts can inform the population about IT
vulnerabilities. In a few words, cybersecurity is also a synonym of knowledge and awareness
for avoiding trivial malicious attacks, such as phishing, malware, ransomware and
viruses.
Security by password authentication: do you remember them all?
It is a well-known fact that human brains are not designed for remembering numerous
long, complex and infrequently used phrases, a.k.a. passwords. However, despite all
recommendations from a security usability point of view, most applications were built
to depend on a human-memorable password. Even nowadays it remains the key
authentication system for most applications and services. Could it be possible to create an
even bigger design flaw in something that is supposed to be completely reliable and
secure?
First of all, let's examine the very simple notion of a basic password that each of
us must have to access any protected digital entity. How secure do you think your
password is? Did you ever really try to test it against a password cracking tool to verify
that it doesn't fall into the category of weak and easily crackable passwords (not just
following the indication shown to you of how secure or not
your password is)? If you never did, give it a try right away. Take for instance one of the
most popular password crackers, John the Ripper. Give it a shot first with the
password for your system. No luck? Good! Probably it is secure enough to be resistant
against basic cracking tools. But what if you try it now with the password that you
usually use for some silly websites, which so desperately need to create an account
for you with a password? AHA! Seems that this time there is more luck! And yes, it is
quite normal, as we are all just humans. We tend to choose something really short
and simplistic for things we don't care about... But there is always a BUT! Did it ever happen
to you to reuse that same password on other sites, important and not important?
To make matters worse, over time you start to be confused about whether this site ever was and
still is useful or not. And here it comes: the main problem of password-based
authentication. Imagine that one of these silly websites gets compromised (or not even
compromised: through a sheer lack of security the password gets sent back to you in clear
text as a confirmation of your account creation), and there you go, potentially the
password that you used on many other sites gets added to a database of crackable
passwords...
What about a better approach? To avoid memorising different complicated passwords for
every single new web site, just use a password manager. There are many available in the wild:
browser extensions, plugins, apps on the client side... Did you ever try any of them? For example,
there are LastPass, KeePass, 1Password, Firefox's Password Manager and Chrome Account
Manager. While it is true that the use of these tools brings several security-related
improvements, such as secured storage (no need to remember) and key generation
(increased complexity and entropy), it still has flaws that raise questions about usability and
trust.
Another devilish follower of the password problem is called Open data passwords, better
known as Security questions. Thankfully, more and more systems are abandoning this old way
of providing additional security! However, even the most popular webmail providers still have to
deal with the legacy leftovers to restore access to lost accounts, and this seems to be really
problematic, with no good solution available yet.
As password security is the main topic here, it is important to mention one of the side effects
of password authentication, namely theft of your credentials. If there were no passwords
there would be no phishing, as impersonating a website or email to steal your passwords is
the most common approach to phishing. To alleviate this problem and to reduce
the risk of becoming a phishing victim, there are some really nice solutions to look
into.
Browser built-in security: ensuring that the password stored for a website matches the
domain name.
Two-factor authentication: several combinations exist for unlocking protected assets,
e.g. phone app using a code generator, phone app using a QR code, card reader, USB
dongle.
Trusted Computing: the computer hardware is expected to behave in a particular way,
enforced by hardware embedded software and/or operational software at a higher
level.
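The first item above, domain matching by the browser's password store, shown as an added example (not code from the original page or from any browser): the stored credential is released only when the page's scheme, host and port equal the origin it was saved for. The vault contents and the hosts under `.example` and `.test` are constructed.

```python
from urllib.parse import urlsplit

# Constructed vault: a credential is stored under the exact origin it was saved on.
VAULT = {
    ("https", "login.bank.example", 443): ("alice", "constructed-secret"),
}
DEFAULT_PORTS = {"https": 443, "http": 80}


def origin_of(url):
    """Return (scheme, host, port) for a URL, or None if it cannot be parsed."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # drops any "user@" prefix and lower-cases the host
        port = parts.port if parts.port is not None else DEFAULT_PORTS.get(parts.scheme)
        if not host or port is None:
            return None
        # Compare the IDNA (punycode) form, so a host containing look-alike
        # Unicode letters can never equal the stored ASCII host.
        host = host.encode("idna").decode("ascii")
    except (ValueError, UnicodeError):
        return None
    return (parts.scheme, host, port)


def credential_for(url):
    """Release a credential only to the exact HTTPS origin it was saved for."""
    origin = origin_of(url)
    if origin is None or origin[0] != "https":
        return None
    return VAULT.get(origin)


if __name__ == "__main__":
    for candidate in (
        "https://login.bank.example/signin",        # the saved origin
        "http://login.bank.example/signin",         # same host, no TLS
        "https://login.bank.example.evil.test/",    # saved host used as a subdomain
        "https://login.bank.example@evil.test/",    # saved host placed in userinfo
        "https://login.b\u0430nk.example/",         # Cyrillic look-alike letter
    ):
        print(candidate, "->", "fill" if credential_for(candidate) else "refuse")
```

A person reading the address bar can be fooled by each of the refused URLs; the exact comparison cannot, which is why this check reduces the phishing risk described above.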
In the GHOST project, the end user is given a central role. The end user's behaviour and aptitude are
integrated into the security solution right from the beginning of the system design, making it possible to build
a system where human flaws are known and addressed in a timely manner. This is why GHOST doesn't rely on
a traditional password-based authentication. Instead, a blockchain enhanced authorisation
system is put in place where only GHOST registered users can control and monitor their
smarthome.
Internet of Things, and in short IoT: these electronic devices that, one way or another, are exchanging
bits and bytes on the Internet and are seemingly everywhere nowadays. They can be found at homes, at
work places, in the city infrastructure, embedded in cars, power grids and on people themselves as
wearables and other electronic ‘gadgets’, all of which are aimed at performing specific tasks. These
networked objects, equipped with sensors, actuators, processing and connectivity protocols, enable
object interaction, oftentimes without any human intervention, and steadily grow in numbers. In early
2017, Gartner forecasted 8.4 billion active IoT devices to be used in 2017 and up to 20.4 billion by 2020
[https://www.gartner.com/en/newsroom/press-releases/2017-02-07-gartner-says-8-billion-connected-things-will-be-in-use-in-2017-up-31-percent-from-2016].
These numbers seem to conflict with the statistics summarised by Financesonline.com in a recent
(January 2020) web report [https://financesonline.com/iot-statistics/], which reported 20.4 billion
devices for 2017. It is unclear why these numbers differ to this extent (perhaps a different
categorisation of what is an Internet of Things (IoT) device), but we leave this discrepancy to be
explored another day. The bottom line is that there are billions of these devices active to date and
their number is predicted to increase tremendously over the next few years.
This raises concerns about what it means to live in a world surrounded by devices which
provide their (continuous) observations as a multi-dimensional data language, speaking to known
and unknown entities on the World Wide Web. The main concern stems from its inheritance,
namely the prevalent privacy and security issues surrounding the more traditional Internet-enabled
devices (personal computers). Due to its deployment environment, its (often limited) capabilities
and its tasks, IoT is often exposed as an easy target and therefore even amplifies the issues at
hand.
How do we protect the devices that are installed in our environment and guarantee that their operation
conforms to its description and will continue to do so over time? This problem can already originate all
the way back at the manufacturer of even the tiniest component used in a device. On 27th of June 2019,
the European Union (EU) Cybersecurity Act entered into force, which allows the European
Union Agency for Cybersecurity (ENISA) to apply more resources to the establishment and
regulation of EU-wide cybersecurity certification for products. What shape this will take
has yet to be seen, as through the H2020 program, universities, companies and non-profit
organisations are being called on to cooperate in providing solutions to this complex problem, as
well as to become an advisor to them in the Stakeholder Cybersecurity Certification Group
(SCCG).
The certification of products, specifically for cybersecurity, is a step in the right direction, as for example
it might be very similar to the Conformité Européenne (CE) marking which we already have in the EU. But
how can it guarantee safe operation over time, other than through legislative measures? It needs dedication, thus
time and money, from the manufacturer and/or provider to provide security updates and patches, which may
simply not be possible or feasible in the long run. It may however have beneficial side effects, as
manufacturers are forced to take greater care of their products. Take, for example, Android devices, which to
date remain problematic concerning their support and upgradeability to the latest system
[https://www.computerworld.com/article/3175067/android-upgrade-problem.html]. Many
manufacturers seem to favour people who throw out their one year old phone to simply ‘buy’ a new one,
which then comes installed with a more recent version of Android. So, not only the durability of the device
but also the environment may benefit from applying cyber security/supportive legislative measures and
certification that will change the mindset of the manufacturers, but it may come at the cost of less
profit.
More on the problematic side, the whole process for certification may, aside from a lot of extra
paperwork, raise the bar for the cost of entry to the market. Whereas a manufacturer may self certify a
product for a CE marking, it raises the question if this would also be possible for cybersecurity? For the big
companies the certification through a third party certainly would not be a problem, as often they already
have ISAE, ISO or SOC certifications to provide their products world wide. How would it affect start-ups,
and possibly any small to medium business, that plan to bring a product to the market with a cloud digital
infrastructure? Furthermore, over time older devices become more susceptible to attacks as newer security
measures cannot be provided, due to lack of support, processing power or other (hardware)
dependencies. To illustrate this a bit further, in May 2019 Zscaler published a white paper
stating that 91.5% of IoT communications used within corporate networks are unencrypted
[https://www.zscaler.com/blogs/research/iot-traffic-enterprise-rising-so-are-threats].
It is here that the idea of GHOST came to be: utilising a personalised monitoring approach,
learning the device’s ‘normal’ behaviour and taking automatic decisions and/or informing the owner of a
device of any unusual activity. GHOST can monitor any device solely by its communication and be confined
to a gateway or router in order to minimise exposure of the monitoring system itself. This is a strength as
well as a weakness of the GHOST system. Its strength is being device agnostic, as it learns the device
and can be personally configured by the user. Its weakness, however, is that as long as a device’s communication
pattern is not disturbed, GHOST will not detect any tampering with a device directly. This could
still lead to unwanted access to the device’s data through direct access. In the paper by Abdulghani
[https://isec.unige.ch/#publicationModal5] this particular problem is addressed by
proposing a framework of IoT classification and providing the linkage between guidelines, mitigation
techniques and the attacks. The work was further expanded into a reference model for securing IoT
[https://archive-ouverte.unige.ch/unige:123701] that specifically takes into account legacy or
generally low performance devices, where IoT devices are embedded with security structures according to
their classification. A set of IoT devices forms a connected awareness in which the more capable IoT
devices monitor the lesser IoT, and the lesser IoT are only allowed to communicate if the
higher capable IoT approve it. To enable this vision, however, it needs to be implemented by the
IoT manufacturers, and it only works best if all adhere to the same standard. This brings us
back to the importance of the EU Cybersecurity Act … “We will watch your career with great
interest”.
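The monitoring idea described above, as an added example that is not GHOST's own code: a gateway-side monitor learns each device's endpoints and flow sizes from traffic alone and reports deviations. The last constructed flow shows the blind spot named above, a device altered through direct access whose traffic is unchanged. Device names, hosts and the threshold `k` are assumptions.

```python
from collections import defaultdict, namedtuple
from statistics import mean, pstdev

Flow = namedtuple("Flow", "dev dst port proto size")  # one flow record seen at the gateway

class DeviceBaseline:
    """Profile of one device, learned only from its traffic at the gateway."""
    def __init__(self):
        self.sizes = defaultdict(list)  # (dst, port, proto) -> bytes per flow

    def learn(self, f):
        self.sizes[(f.dst, f.port, f.proto)].append(f.size)

    def check(self, f, k=3.0):
        hist = self.sizes.get((f.dst, f.port, f.proto))
        if not hist:
            return "new-endpoint"
        # Tolerate k spreads above the mean; floor the spread at 10% of the mean
        # so a very regular device does not alert on tiny variations.
        spread = max(pstdev(hist), 0.1 * mean(hist))
        return "volume" if f.size > mean(hist) + k * spread else None

class GatewayMonitor:
    def __init__(self):
        self.baselines = {}  # device id -> DeviceBaseline

    def learn(self, flows):
        for f in flows:
            self.baselines.setdefault(f.dev, DeviceBaseline()).learn(f)

    def inspect(self, flows):
        alerts = []
        for f in flows:
            known = self.baselines.get(f.dev)
            reason = known.check(f) if known else "unknown-device"
            if reason:
                alerts.append((f.dev, f.dst, reason))
        return alerts

# Constructed sample traffic (hypothetical device names and hosts).
VENDOR = ("telemetry.vendor.example", 8883, "tcp")
TRAINING = [Flow("thermostat-01", *VENDOR, n) for n in (500, 520, 540, 510, 530)]
LIVE = [
    Flow("thermostat-01", *VENDOR, 515),                    # usual pattern
    Flow("thermostat-01", "203.0.113.9", 23, "tcp", 120),   # never-seen endpoint
    Flow("thermostat-01", *VENDOR, 50000),                  # unusual volume
    Flow("camera-07", "198.51.100.4", 443, "tcp", 900),     # no baseline learned
    # Blind spot: device altered through direct access, traffic unchanged.
    Flow("thermostat-01", *VENDOR, 525),
]

def run_demo():
    monitor = GatewayMonitor()
    monitor.learn(TRAINING)
    return monitor.inspect(LIVE)

if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```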
Abbreviations
CE Conformité Européenne
ENISA European Union Agency for Cybersecurity
EU European Union
IoT Internet of Things
SCCG Stakeholder Cybersecurity Certification Group